Web安全
由LLM驱动的Web蜜罐
https://github.com/0x4D31/galah
程序分析框架“太阿”:静态分析检测Log4Shell
https://xz.aliyun.com/t/13223
内网渗透
内网渗透中提高隐匿能力
https://sokarepo.github.io/redteam/2024/01/04/increase-your-stealth-capabilities-part1.html
GOAD AD域环境测试环境新增 gmsa 账户、非约束委派账户等脆弱风险
https://github.com/Orange-Cyberdefense/GOAD
终端对抗
通过运行时修改参数绕过EDR的syscall hook
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
Best EDR Of The Market:EDR用户态检测绕过试验场
https://xacone.github.io/BestEdrOfTheMarket.html
https://github.com/Xacone/BestEdrOfTheMarket
EDRSilencer:通过为特定进程添加WFP筛选器阻止EDR出站流量
https://github.com/netero1010/EDRSilencer
EDRNoiseMaker:检查被WFP静默的EDR可执行文件对抗EDRSilencer
https://github.com/amjcyber/EDRNoiseMaker
SignToolEx:劫持signtool.exe使得过期签名证书生效
https://github.com/hackerhouse-opensource/SignToolEx
Stinger:参考泄露的Vault7 Fine Dining工具集提权模块描述复刻的UAC绕过工具
https://github.com/hackerhouse-opensource/Stinger
https://twitter.com/hackerfantastic/status/1742061210424467817
havoc-bloodhound:与bloodhound CE交互的Havoc图形化插件
https://github.com/p4p1/havoc-bloodhound
利用WinSxS文件夹下可执行程序进行DLL劫持
https://www.securityjoes.com/post/hide-and-seek-in-windows-closet-unmasking-the-winsxs-hijacking-hideout
Yara规则研究百日计划:恶意行为Yara检测规则
https://medium.com/@Shinigami42/100daysofyara-45bdce96d48f
https://github.com/Johnnyd4251/100DaysOfYara
SharpGhostTask:在不产生日志的前提下篡改计划任务
https://github.com/dmcxblue/SharpGhostTask
漏洞相关
CVE-2023-51766:SMTP smuggling
https://seclists.org/oss-sec/2024/q1/0
CVE-2023-5217:chromium v8堆溢出漏洞
https://bugs.chromium.org/p/chromium/issues/detail?id=1486441
CVE-2023-32434:IOS/macOS中的整数溢出漏洞
https://github.com/felix-pb/kfd/blob/main/writeups/smith.md
CVE-2023-41974:IOS/macOS中的条件竞争漏洞
https://github.com/felix-pb/kfd/blob/main/writeups/landa.md
一款Windows下辅助进行ROP gadgets搜索的rust库
https://github.com/0vercl0k/rp-bf.rs
云安全
滥用AzureAD动态组 – 第一部分:利用动态组提升权限
https://medium.com/r3d-buck3t/abusing-dynamic-groups-in-azuread-part-1-ff12e328c8c0
其他
大型语言模型幻觉缓解技术综述
https://arxiv.org/abs/2401.01313
Git仓库配置不当带来的供应链安全问题
https://adnanthekhan.com/2023/12/20/one-supply-chain-attack-to-rule-them-all/
来自安全行业公司的2024年安全预测报告汇总
https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-24-security-predictions-for-2024-part-1
https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-24-security-predictions-for-2024-part-2
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐
原文始发于微信公众号(M01N Team):每周蓝军技术推送(2023.12.30-2024.1.5)
